1. President Obama Signs FOIA Reform Bill Into Law

Celebrating 50 years since the enactment of the Freedom of Information Act, President Obama signed into law the FOIA Improvements Act of 2016. The President's signing comes just days before the 50th anniversary of the Act, which was signed into law on July 4, 1966. The FOIA reform bill was introduced in Congress in 2015 and was passed earlier this June.

Acknowledging the significance of the bill's passage, Senator Patrick Leahy (D-Vt.), a champion of open government, stated, "Our founders had the revolutionary vision to create a government of, by, and for the people. Today we have helped strengthen that ideal." EPIC and many open government advocates urged the President to support these reforms.

The FOIA Improvements Act brings much needed improvements to the nation's open government law. For example, the Act requires the government to create a new one-stop portal for requesters. The Act also mandates the proactive disclosure to the public of records requested three or more times. Importantly, the new law strengthens the Office of Government Information Services by authorizing the FOIA watchdog to report to Congress directly and to propose legislative recommendations without prior approval from other agencies. The new law also codifies the "presumption of openness" in the processing of requests for information about the federal government.

Significantly, the FOIA Improvements Act places a 25-year limit on the application of Exemption 5 to "deliberative process" documents. The deliberative process privilege is the most commonly invoked Exemption 5 privilege and is designed to protect the decisionmaking processes of government agencies. By capping this exemption at 25 years, the Act ensures that the decisionmaking process of the federal government does not remain secret indefinitely.

The Privacy Shield aims to replace the Safe Harbor framework for commercial data flows between the EU and the US, which was struck down by the Court of Justice of the European Union in October 2015. Citing to that decision, leading EU privacy advocates Max Schrems and Jan-Philipp Albrecht predicted that the "Privacy Shield will share the history of the previous Safe Harbor and be invalidated by the European Court of Justice." The Privacy Shield agreement faces a similar legal landscape as its predecessor, and seeks to compensate for the lack of US data protection laws by reliance on government assurances rather than enforceable legislation.

"Sadly, for both privacy and for business, this agreement helps nobody at all," said Joe McNamee, executive director of European Digital Rights (EDRi). "We now have to wait until the Court again rules that the deal is illegal and then, maybe, the EU and US can negotiate a credible arrangement that actually respects the law, engenders trust and protects our fundamental rights."

EPIC has advocated for the US to reform its domestic laws and international commitments to provide adequate safeguards for privacy and data protection rights of consumers on both sides of the Atlantic.

3. EPIC Scrutinizes FBI's Massive Biometrics Database

In comments to the FBI, EPIC criticized the Bureau's proposal to remove Privacy Act safeguards from a database containing biometric data on millions of people. Known as Next Generation Identification (NGI), the FBI's biometric database collects numerous biometric identifiers including fingerprints, facial scans, and iris scans. Biometric data is collected on arrestees and people with records, as well as individuals with no connection to the criminal justice system. The FBI keeps biometric data for decades beyond the need to fulfill the stated purpose for which the data was originally collected.

The FBI's proposal would exempt the NGI database from the Privacy Act requirements of accuracy, relevancy and necessity, accounting disclosures, individual access to records, and civil remedies. EPIC argued that such broad exemptions will "increase the secrecy of the database and erode agency accountability." A recent GAO report on the FBI's use of facial recognition has already found that the FBI has failed to update the public in a timely manner regarding the Bureau's expanding use of facial recognition. EPIC also warned the FBI of the potential for data breaches. In its comments, EPIC stated that "the over collection of detailed, sensitive information is problematic particularly in light of the rise of government data breaches."

Recently, EPIC and a coalition of 45 organizations urged Congress to hold a hearing on the FBI's NGI database and the Bureau's use of facial recognition. The letter stated that "[o]versight hearings promote transparency and accountability and help ensure that the FBI fulfills its mission while upholding American values and constitutional freedoms."

EPIC previously sued the FBI for details about NGI. In the EPIC v. FBI FOIA case, EPIC obtained thousands of pages of documents. According to the System Requirements for the NGI database obtained by EPIC, "NGI shall return an incorrect candidate a maximum of 20% of the time."

4. Wiretaps Increase Sharply in 2015, No Evidence of Government Surveillance "Going Dark"

According to the newly released 2015 Wiretap Report, federal and state courts issued a combined 4,148 orders for the interception of wire, oral, or electronic communications in 2015, representing a 17 percent increase from 2014. State judges authorized 2,745 wiretaps last year, and federal judges authorized 1,403. Wiretap orders in California alone accounted for 41 percent of all state authorizations. "No wiretap applications were reported as denied in 2015," the report states. In 2014, only one application was denied.

While government surveillance activity increased dramatically, the number of cases where investigators encountered encryption dropped significantly. Encryption was encountered in only 13 state and federal wiretaps in 2015, less than one percent of the total wiretaps authorized that year. The number of state wiretaps in which encryption was encountered decreased by 68 percent, from 22 in 2014 to 7 in 2015. Law enforcement claims of "going dark" due to new encryption technologies continue to be contradicted by surveillance reports.

Drug offenses were the most frequent type of criminal offense investigated using wiretaps in 2015: 79 percent of all applications for intercepts (3,292 wiretaps) cited illegal drugs as the most serious offense under investigation. Wiretaps were in operation for an average of 43 days in 2015, 9 days longer than the 34-day average in 2014. Wiretap surveillance led to the convictions of 590 individuals last year.

5. EPIC Sues for Release of Government Oversight Reports

EPIC has filed a Freedom of Information Act (FOIA) lawsuit against the Department of Justice to obtain the agency's secret oversight investigation reports. The stated mission of the DOJ's Office of the Inspector General is "to detect and deter waste, fraud, abuse, and misconduct in DOJ programs and personnel, and to promote economy and efficiency in those programs." The Inspector General conducts investigations, evaluations, and audits to help ensure the DOJ is being managed in an ethical and responsible manner. The results of these internal investigations offer an insight into the workings of the DOJ and allow the public to better understand how the Department functions and the measures being taken to increase the efficiency and effectiveness of the office. The OIG describes its findings and recommendations in reports, some of which are published on the agency's website. However, not all OIG reports are made public.

In November 2015, EPIC submitted a FOIA request seeking portions of certain non-public OIG reports. Specifically, EPIC sought the title pages, tables of contents, and executive summaries of certain final, non-public Inspector General reports created since January 1, 2005. Under the FOIA, the agency had twenty business days to make a determination about whether to grant or deny a FOIA request. The DOJ had not made a determination about EPIC's FOIA request in over 122 days at the time EPIC filed suit. EPIC's complaint alleges that the DOJ has failed to comply with statutory deadlines and unlawfully withheld agency records.

EPIC's Open Government project seeks to ensure that the public is fully informed about the activities of government. EPIC previously obtained oversight reports on the CIA surveillance of Muslims in New York, and CIA spying on Senate staff.

News in Brief

US Government Loses on Overseas Data Searches

A federal appeals court has ruled that the US government cannot seize user data in foreign data centers under the Stored Communications Act. The decision reverses a lower court opinion that would have required Microsoft to hand over the contents of an email account stored in Ireland. The appeals court concluded that the purpose of the Act was to protect "users' privacy interests in stored communications" not the creation of law enforcement powers that could reach overseas. The decision will likely bolster efforts to keep data in jurisdictions with stronger privacy safeguards. EPIC has recommended US ratification of the International Privacy Convention to preserve transborder data flows.

In response to an EPIC Freedom of Information Act lawsuit, the Department of Transportation has released to EPIC another set of documents from the agency's secret meetings with industry groups about drone policy. The newly released documents, which summarize an extensive three-day meeting between the FAA and industry groups, is conspicuously silent on privacy, despite public comments urging the agency to address privacy concerns. In a related development, the FAA final rule on commercial drones failed to address the privacy risks of deploying drones in the United States.

FAA Reauthorization Grounds Drone Privacy Safeguards

Shortly before adjourning, Congress passed the FAA Extension, Safety and Security Act of 2016 without drone privacy provisions authored by Senator Markey, included in the original legislation. "Now is the time to prevent these eyes in the skies from becoming spies in the skies," Senator Markey said. EPIC urged Congress and the FAA to establish limits on drone surveillance. In EPIC v. FAA, EPIC challenged the FAA's failure to establish drone privacy regulations following a petition endorsed by more than 100 experts and organizations. EPIC's proposal to require remote identification of drones was incorporated in the legislation enacted by Congress.

EPIC Tells FCC to Reject "Notice and Choice" Approach to Privacy

EPIC has filed reply comments with the Federal Communications Commission on the proposed broadband privacy rules. EPIC said that the proposed rules are a modest first step and that the FCC has legal authority to do more to safeguard American consumers. EPIC also responded to erroneous statements from industry groups that the FTC's "notice and choice" framework safeguards consumer privacy. EPIC described numerous shortcomings, including lack of enforcement, frequent changes in privacy policies, and data breaches. "Notice and choice" is "directly at odds with baseline privacy standards," EPIC said. EPIC previouslyurged the Commission to "address the full range of communications privacy issues facing US consumers" and to apply the Consumer Privacy Bill of Rights to communications data.

Coalition Urges President to Nominate New Member for Oversight Board

EPIC and many privacy and civil liberties organizations have urged President Obama to promptly nominate a new member to the Privacy and Civil Liberties Oversight Board with a strong civil liberties background. The coalition argued that the Oversight Board's "role is too important to allow it to slip back into dormancy, even for a few months." The previous Chair David Medine recently stepped down, leaving a vacancy on the five-member panel, responsible for overseeing privacy protection. EPIC has urged the Board to review surveillance under Executive Order 12333 and recommended the Board ensure Privacy Act compliance across the federal government.

EPIC Sues for Release of Government Oversight Reports

EPIC has filed a FOIA lawsuit against the Department of Justice to obtain the agency's secret watchdog reports. The mission of the Office of the Inspector General is "to detect and deter waste, fraud, abuse, and misconduct." However, many of the reports are kept secret. Those reports, EPIC explained in the complaint, "are critical for the public to understand the measures taken to increase the efficiency and effectiveness of the DOJ, and as a mechanism to hold the agency accountable." EPIC previously obtained oversight reports on the CIA surveillance of Muslims in New York, and CIA spying on Senate staff.

U.N. Passes Resolution Condemning Internet Shutdowns

The United Nations Human Rights Council passed a resolution to support human rights online. The resolution condemns internet shutdowns that have become more common around the world. In accordance with the Universal Declaration of Human Rights, the resolution reaffirms the U.N.'s stance that "the same rights people have offline must also be protected online." EPIC joined an international coalition of civil society organizations to reject disruption of Internet access. EPIC previously sued the Department of Homeland Security to obtain public release of the US shutdown policy following the suspension of cell phone service during a peaceful protest at a BART transit station in San Francisco. Portions of the government policy "Standard Operating Procedure 303" were eventually released to EPIC.

Recent EPIC publications:

The Third Edition of "Privacy Law and Society" is the most comprehensive casebook on privacy law ever produced. It traces the development of modern privacy law, from the early tort cases to present day disputes over drone surveillance and facial recognition. The text examines the philosophical roots of privacy claims and the significant court cases and statues that have emerged. The text provides detailed commentary on leading cases and insight into emerging issues. The text includes new material on developments in the European Union, decisions grounded in fundamental rights jurisprudence, and exposes readers to current debates over cloud computing, online profiling, and the role of the Federal Trade Commission. Privacy Law and Society is the leading and most current text in the privacy field.

Privacy in the Modern Age: The Search for Solutions, edited by Marc Rotenberg, Julia Horwitz and Jeramie Scott. The New Press (May 2015). Price: $25.95.

The threats to privacy are well known: The National Security Agency tracks our phone calls; Google records where we go online and how we set our thermostats; Facebook changes our privacy settings when it wishes; Target gets hacked and loses control of our credit card information; our medical records are available for sale to strangers; our children are fingerprinted and their every test score saved for posterity; and small robots patrol our schoolyards while drones may soon fill our skies.

The contributors to this anthology don't simply describe these problems or warn about the loss of privacy -- they propose solutions